Captive portal for https traffic without SSL decryption

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Captive portal for https traffic without SSL decryption

L3 Networker

Dear community,

 

I´m currently facing this challengue:

Do you know whether it´s possible to have captive portal working for https traffic without using SSL decryption?

 

This requirement is not clear in the admin guide but I understand it is according the the article below:

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClevCAC

 

Due to some internal policies deploying SSL decryption wouldn´t be feasible so I´d really appreciate your answers on this topic.

 

Thank you!

1 REPLY 1

Cyber Elite
Cyber Elite

@Carracido,

You need to decrypt the traffic to effectively redirect to the captive portal correctly. If office politics aren't allowing you to setup decryption, you could potentially just setup a decryption rule for unknown users. This would allow the captive portal to be fed to the user correctly when visiting HTTPS sites while still NOT decrypting traffic as long as the user is identified. That might be an acceptable compromise to get things working correctly and still meet requirements to not decrypt traffic? 

  • 2688 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!